diff options
author | Lee Chee Yang <chee.yang.lee@intel.com> | 2021-03-04 22:44:07 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-03-20 18:50:05 +0000 |
commit | 8076815fc2ffc8f632e73527ce2b7d158a29e9ea (patch) | |
tree | f48e8d74ac37850406966e47e7e0ce1687fc8fe7 | |
parent | 13cc68197f81bb7c76fa1abecc5dd720b8bdb8d5 (diff) | |
download | openembedded-core-contrib-8076815fc2ffc8f632e73527ce2b7d158a29e9ea.tar.gz |
cve-check: CVE_VERSION_SUFFIX to work with patched release
CVE_VERSION_SUFFIX in "patch" to treat version string with suffix "pX"
or "patchX" as patched release.
also update testcases to cover this changes and set CVE_VERSION_SUFFIX
for sudo.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/lib/oe/cve_check.py | 7 | ||||
-rw-r--r-- | meta/lib/oeqa/selftest/cases/cve_check.py | 8 | ||||
-rw-r--r-- | meta/recipes-extended/sudo/sudo.inc | 2 |
3 files changed, 16 insertions, 1 deletions
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index ce755f940a..a1d7c292af 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -11,8 +11,13 @@ _Version = collections.namedtuple( class Version(): def __init__(self, version, suffix=None): + + suffixes = ["alphabetical", "patch"] + if str(suffix) == "alphabetical": version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(?P<patch_l>[a-z]))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?""" + elif str(suffix) == "patch": + version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(p|patch)(?P<patch_l>[0-9]+))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?""" else: version_pattern = r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?""" regex = re.compile(r"^\s*" + version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE) @@ -23,7 +28,7 @@ class Version(): self._version = _Version( release=tuple(int(i) for i in match.group("release").replace("-",".").split(".")), - patch_l=match.group("patch_l") if str(suffix) == "alphabetical" and match.group("patch_l") else "", + patch_l=match.group("patch_l") if str(suffix) in suffixes and match.group("patch_l") else "", pre_l=match.group("pre_l"), pre_v=match.group("pre_v") ) diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py index 3f343a2841..d1947baffc 100644 --- a/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/meta/lib/oeqa/selftest/cases/cve_check.py @@ -34,3 +34,11 @@ class CVECheck(OESelftestTestCase): self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' < '1.0r'") result = Version("1.0b","alphabetical") > Version("1.0","alphabetical") self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' > '1.0'") + + # consider the trailing "p" and "patch" as patched released when comparing + result = Version("1.0","patch") < Version("1.0p1","patch") + self.assertTrue( result ,msg="Failed to compare version with suffix '1.0' < '1.0p1'") + result = Version("1.0p2","patch") > Version("1.0p1","patch") + self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'") + result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch") + self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'") diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc index 97ecabe0fc..0bea35a0a3 100644 --- a/meta/recipes-extended/sudo/sudo.inc +++ b/meta/recipes-extended/sudo/sudo.inc @@ -49,3 +49,5 @@ do_compile_prepend () { do_install_prepend (){ mkdir -p ${D}/${localstatedir}/lib } + +CVE_VERSION_SUFFIX = "patch" |